authorderaadt <deraadt@openbsd.org>2019-11-06 19:04:12 +0000
committerderaadt <deraadt@openbsd.org>2019-11-06 19:04:12 +0000
commit162942f1c3aad578e294c58d08e589920bdec60d (patch)
tree1275041818ccbf58832c068e551ea6fd93afb43e
parentuseless debug output (diff)
downloadwireguard-openbsd-162942f1c3aad578e294c58d08e589920bdec60d.tar.xz
wireguard-openbsd-162942f1c3aad578e294c58d08e589920bdec60d.zip
Perform constraint validation against 9.9.9.9 and 2620:fe::fe also (which
avoids DNS lookups entirely, but yes this https is correctly validated). Long discussions with otto, florian, and the quad9 crew.
-rw-r--r--etc/ntpd.conf7
1 files changed, 5 insertions, 2 deletions
diff --git a/etc/ntpd.conf b/etc/ntpd.conf
index 1ff0154d555..a4a3b055b8e 100644
--- a/etc/ntpd.conf
+++ b/etc/ntpd.conf
@@ -1,8 +1,11 @@
-# $OpenBSD: ntpd.conf,v 1.15 2019/07/04 05:19:31 deraadt Exp $
+# $OpenBSD: ntpd.conf,v 1.16 2019/11/06 19:04:12 deraadt Exp $
#
# See ntpd.conf(5) and /etc/examples/ntpd.conf
servers pool.ntp.org
server time.cloudflare.com
sensor *
-constraints from "https://www.google.com"
+
+constraint from "9.9.9.9" # quad9 v4 without DNS
+constraint from "2620:fe::fe" # quad9 v6 without DNS
+constraints from "www.google.com" # intentionally not 8.8.8.8
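Review bot: The trailing comments on the three new constraint lines say what was picked but not the reasoning a later editor needs, and `# intentionally not 8.8.8.8` in particular gives no reason that can be checked. With an IP literal there is no hostname, so the HTTPS check presumably has to succeed against the address itself; the commit message says this is correctly validated for Quad9, but the file does not record that dependency. I would add a comment above the block such as `# IP-literal constraints need no DNS; the server certificate must validate for the address itself`, and extend the last comment with the actual reason 8.8.8.8 was rejected. The two new lines also use `constraint from` while the Google line keeps `constraints from` (a median over every resolved address, per ntpd.conf(5)), so a short comment that the difference is deliberate would keep someone from "normalizing" it later.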